// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.
#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]

/// Implements a client for the Cloud Key Management Service (KMS) API.
///
/// # Example
/// ```
/// # tokio_test::block_on(async {
/// # use google_cloud_kms_v1::client::Autokey;
/// let client = Autokey::builder().build().await?;
/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
/// # gax::client_builder::Result::<()>::Ok(()) });
/// ```
///
/// # Service Description
///
/// Provides interfaces for using [Cloud KMS
/// Autokey](https://cloud.google.com/kms/help/autokey) to provision new
/// [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer Managed
/// Encryption Key (CMEK) use, on-demand. To support certain client tooling, this
/// feature is modeled around a [KeyHandle][google.cloud.kms.v1.KeyHandle]
/// resource: creating a [KeyHandle][google.cloud.kms.v1.KeyHandle] in a resource
/// project and given location triggers Cloud KMS Autokey to provision a
/// [CryptoKey][google.cloud.kms.v1.CryptoKey] in the configured key project and
/// the same location.
///
/// Prior to use in a given resource project,
/// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]
/// should have been called on an ancestor folder, setting the key project where
/// Cloud KMS Autokey should create new
/// [CryptoKeys][google.cloud.kms.v1.CryptoKey]. See documentation for additional
/// prerequisites. To check what key project, if any, is currently configured on
/// a resource project's ancestor folder, see
/// [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
///
/// [google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]: crate::client::AutokeyAdmin::show_effective_autokey_config
/// [google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]: crate::client::AutokeyAdmin::update_autokey_config
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
///
/// # Configuration
///
/// To configure `Autokey` use the `with_*` methods in the type returned
/// by [builder()][Autokey::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://cloudkms.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::autokey::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::autokey::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `Autokey` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `Autokey` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct Autokey {
    inner: std::sync::Arc<dyn super::stub::dynamic::Autokey>,
}

impl Autokey {
    /// Returns a builder for [Autokey].
    ///
    /// ```
    /// # tokio_test::block_on(async {
    /// # use google_cloud_kms_v1::client::Autokey;
    /// let client = Autokey::builder().build().await?;
    /// # gax::client_builder::Result::<()>::Ok(()) });
    /// ```
    pub fn builder() -> super::builder::autokey::ClientBuilder {
        gax::client_builder::internal::new_builder(super::builder::autokey::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::Autokey + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::Autokey>> {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::Autokey> {
        super::transport::Autokey::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::Autokey> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::Autokey::new)
    }

    /// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
    /// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
    /// use with the given resource type in the configured key project and the same
    /// location. [GetOperation][google.longrunning.Operations.GetOperation] should
    /// be used to resolve the resulting long-running operation and get the
    /// resulting [KeyHandle][google.cloud.kms.v1.KeyHandle] and
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    ///
    /// # Long running operations
    ///
    /// This method is used to start, and/or poll a [long-running Operation].
    /// The [Working with long-running operations] chapter in the [user guide]
    /// covers these operations in detail.
    ///
    /// [long-running operation]: https://google.aip.dev/151
    /// [user guide]: https://googleapis.github.io/google-cloud-rust/
    /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
    pub fn create_key_handle(&self) -> super::builder::autokey::CreateKeyHandle {
        super::builder::autokey::CreateKeyHandle::new(self.inner.clone())
    }

    /// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub fn get_key_handle(&self) -> super::builder::autokey::GetKeyHandle {
        super::builder::autokey::GetKeyHandle::new(self.inner.clone())
    }

    /// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
    ///
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub fn list_key_handles(&self) -> super::builder::autokey::ListKeyHandles {
        super::builder::autokey::ListKeyHandles::new(self.inner.clone())
    }

    /// Lists information about the supported locations for this service.
    pub fn list_locations(&self) -> super::builder::autokey::ListLocations {
        super::builder::autokey::ListLocations::new(self.inner.clone())
    }

    /// Gets information about a location.
    pub fn get_location(&self) -> super::builder::autokey::GetLocation {
        super::builder::autokey::GetLocation::new(self.inner.clone())
    }

    /// Sets the access control policy on the specified resource. Replaces
    /// any existing policy.
    ///
    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
    /// errors.
    pub fn set_iam_policy(&self) -> super::builder::autokey::SetIamPolicy {
        super::builder::autokey::SetIamPolicy::new(self.inner.clone())
    }

    /// Gets the access control policy for a resource. Returns an empty policy
    /// if the resource exists and does not have a policy set.
    pub fn get_iam_policy(&self) -> super::builder::autokey::GetIamPolicy {
        super::builder::autokey::GetIamPolicy::new(self.inner.clone())
    }

    /// Returns permissions that a caller has on the specified resource. If the
    /// resource does not exist, this will return an empty set of
    /// permissions, not a `NOT_FOUND` error.
    ///
    /// Note: This operation is designed to be used for building
    /// permission-aware UIs and command-line tools, not for authorization
    /// checking. This operation may "fail open" without warning.
    pub fn test_iam_permissions(&self) -> super::builder::autokey::TestIamPermissions {
        super::builder::autokey::TestIamPermissions::new(self.inner.clone())
    }

    /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
    ///
    /// [google.longrunning.Operations]: longrunning::client::Operations
    pub fn get_operation(&self) -> super::builder::autokey::GetOperation {
        super::builder::autokey::GetOperation::new(self.inner.clone())
    }
}

/// Implements a client for the Cloud Key Management Service (KMS) API.
///
/// # Example
/// ```
/// # tokio_test::block_on(async {
/// # use google_cloud_kms_v1::client::AutokeyAdmin;
/// let client = AutokeyAdmin::builder().build().await?;
/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
/// # gax::client_builder::Result::<()>::Ok(()) });
/// ```
///
/// # Service Description
///
/// Provides interfaces for managing [Cloud KMS
/// Autokey](https://cloud.google.com/kms/help/autokey) folder-level
/// configurations. A configuration is inherited by all descendent projects. A
/// configuration at one folder overrides any other configurations in its
/// ancestry. Setting a configuration on a folder is a prerequisite for Cloud KMS
/// Autokey, so that users working in a descendant project can request
/// provisioned [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer
/// Managed Encryption Key (CMEK) use, on-demand.
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
///
/// # Configuration
///
/// To configure `AutokeyAdmin` use the `with_*` methods in the type returned
/// by [builder()][AutokeyAdmin::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://cloudkms.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::autokey_admin::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::autokey_admin::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `AutokeyAdmin` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `AutokeyAdmin` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct AutokeyAdmin {
    inner: std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>,
}

impl AutokeyAdmin {
    /// Returns a builder for [AutokeyAdmin].
    ///
    /// ```
    /// # tokio_test::block_on(async {
    /// # use google_cloud_kms_v1::client::AutokeyAdmin;
    /// let client = AutokeyAdmin::builder().build().await?;
    /// # gax::client_builder::Result::<()>::Ok(()) });
    /// ```
    pub fn builder() -> super::builder::autokey_admin::ClientBuilder {
        gax::client_builder::internal::new_builder(super::builder::autokey_admin::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::AutokeyAdmin + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>> {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::AutokeyAdmin> {
        super::transport::AutokeyAdmin::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::AutokeyAdmin> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::AutokeyAdmin::new)
    }

    /// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
    /// folder. The caller must have both `cloudkms.autokeyConfigs.update`
    /// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
    /// permission on the provided key project. A
    /// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
    /// descendant projects will use this configuration to determine where to
    /// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
    pub fn update_autokey_config(&self) -> super::builder::autokey_admin::UpdateAutokeyConfig {
        super::builder::autokey_admin::UpdateAutokeyConfig::new(self.inner.clone())
    }

    /// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
    /// folder.
    ///
    /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
    pub fn get_autokey_config(&self) -> super::builder::autokey_admin::GetAutokeyConfig {
        super::builder::autokey_admin::GetAutokeyConfig::new(self.inner.clone())
    }

    /// Returns the effective Cloud KMS Autokey configuration for a given project.
    pub fn show_effective_autokey_config(
        &self,
    ) -> super::builder::autokey_admin::ShowEffectiveAutokeyConfig {
        super::builder::autokey_admin::ShowEffectiveAutokeyConfig::new(self.inner.clone())
    }

    /// Lists information about the supported locations for this service.
    pub fn list_locations(&self) -> super::builder::autokey_admin::ListLocations {
        super::builder::autokey_admin::ListLocations::new(self.inner.clone())
    }

    /// Gets information about a location.
    pub fn get_location(&self) -> super::builder::autokey_admin::GetLocation {
        super::builder::autokey_admin::GetLocation::new(self.inner.clone())
    }

    /// Sets the access control policy on the specified resource. Replaces
    /// any existing policy.
    ///
    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
    /// errors.
    pub fn set_iam_policy(&self) -> super::builder::autokey_admin::SetIamPolicy {
        super::builder::autokey_admin::SetIamPolicy::new(self.inner.clone())
    }

    /// Gets the access control policy for a resource. Returns an empty policy
    /// if the resource exists and does not have a policy set.
    pub fn get_iam_policy(&self) -> super::builder::autokey_admin::GetIamPolicy {
        super::builder::autokey_admin::GetIamPolicy::new(self.inner.clone())
    }

    /// Returns permissions that a caller has on the specified resource. If the
    /// resource does not exist, this will return an empty set of
    /// permissions, not a `NOT_FOUND` error.
    ///
    /// Note: This operation is designed to be used for building
    /// permission-aware UIs and command-line tools, not for authorization
    /// checking. This operation may "fail open" without warning.
    pub fn test_iam_permissions(&self) -> super::builder::autokey_admin::TestIamPermissions {
        super::builder::autokey_admin::TestIamPermissions::new(self.inner.clone())
    }

    /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
    ///
    /// [google.longrunning.Operations]: longrunning::client::Operations
    pub fn get_operation(&self) -> super::builder::autokey_admin::GetOperation {
        super::builder::autokey_admin::GetOperation::new(self.inner.clone())
    }
}

/// Implements a client for the Cloud Key Management Service (KMS) API.
///
/// # Example
/// ```
/// # tokio_test::block_on(async {
/// # use google_cloud_kms_v1::client::EkmService;
/// let client = EkmService::builder().build().await?;
/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
/// # gax::client_builder::Result::<()>::Ok(()) });
/// ```
///
/// # Service Description
///
/// Google Cloud Key Management EKM Service
///
/// Manages external cryptographic keys and operations using those keys.
/// Implements a REST model with the following objects:
///
/// * [EkmConnection][google.cloud.kms.v1.EkmConnection]
///
/// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
///
/// # Configuration
///
/// To configure `EkmService` use the `with_*` methods in the type returned
/// by [builder()][EkmService::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://cloudkms.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::ekm_service::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::ekm_service::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `EkmService` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `EkmService` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct EkmService {
    inner: std::sync::Arc<dyn super::stub::dynamic::EkmService>,
}

impl EkmService {
    /// Returns a builder for [EkmService].
    ///
    /// ```
    /// # tokio_test::block_on(async {
    /// # use google_cloud_kms_v1::client::EkmService;
    /// let client = EkmService::builder().build().await?;
    /// # gax::client_builder::Result::<()>::Ok(()) });
    /// ```
    pub fn builder() -> super::builder::ekm_service::ClientBuilder {
        gax::client_builder::internal::new_builder(super::builder::ekm_service::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::EkmService + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::EkmService>> {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::EkmService> {
        super::transport::EkmService::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::EkmService> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::EkmService::new)
    }

    /// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub fn list_ekm_connections(&self) -> super::builder::ekm_service::ListEkmConnections {
        super::builder::ekm_service::ListEkmConnections::new(self.inner.clone())
    }

    /// Returns metadata for a given
    /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub fn get_ekm_connection(&self) -> super::builder::ekm_service::GetEkmConnection {
        super::builder::ekm_service::GetEkmConnection::new(self.inner.clone())
    }

    /// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
    /// Project and Location.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub fn create_ekm_connection(&self) -> super::builder::ekm_service::CreateEkmConnection {
        super::builder::ekm_service::CreateEkmConnection::new(self.inner.clone())
    }

    /// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub fn update_ekm_connection(&self) -> super::builder::ekm_service::UpdateEkmConnection {
        super::builder::ekm_service::UpdateEkmConnection::new(self.inner.clone())
    }

    /// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
    /// for a given project and location.
    ///
    /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
    pub fn get_ekm_config(&self) -> super::builder::ekm_service::GetEkmConfig {
        super::builder::ekm_service::GetEkmConfig::new(self.inner.clone())
    }

    /// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
    /// for a given project and location.
    ///
    /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
    pub fn update_ekm_config(&self) -> super::builder::ekm_service::UpdateEkmConfig {
        super::builder::ekm_service::UpdateEkmConfig::new(self.inner.clone())
    }

    /// Verifies that Cloud KMS can successfully connect to the external key
    /// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
    /// If there is an error connecting to the EKM, this method returns a
    /// FAILED_PRECONDITION status containing structured information as described
    /// at <https://cloud.google.com/kms/docs/reference/ekm_errors>.
    ///
    /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
    pub fn verify_connectivity(&self) -> super::builder::ekm_service::VerifyConnectivity {
        super::builder::ekm_service::VerifyConnectivity::new(self.inner.clone())
    }

    /// Lists information about the supported locations for this service.
    pub fn list_locations(&self) -> super::builder::ekm_service::ListLocations {
        super::builder::ekm_service::ListLocations::new(self.inner.clone())
    }

    /// Gets information about a location.
    pub fn get_location(&self) -> super::builder::ekm_service::GetLocation {
        super::builder::ekm_service::GetLocation::new(self.inner.clone())
    }

    /// Sets the access control policy on the specified resource. Replaces
    /// any existing policy.
    ///
    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
    /// errors.
    pub fn set_iam_policy(&self) -> super::builder::ekm_service::SetIamPolicy {
        super::builder::ekm_service::SetIamPolicy::new(self.inner.clone())
    }

    /// Gets the access control policy for a resource. Returns an empty policy
    /// if the resource exists and does not have a policy set.
    pub fn get_iam_policy(&self) -> super::builder::ekm_service::GetIamPolicy {
        super::builder::ekm_service::GetIamPolicy::new(self.inner.clone())
    }

    /// Returns permissions that a caller has on the specified resource. If the
    /// resource does not exist, this will return an empty set of
    /// permissions, not a `NOT_FOUND` error.
    ///
    /// Note: This operation is designed to be used for building
    /// permission-aware UIs and command-line tools, not for authorization
    /// checking. This operation may "fail open" without warning.
    pub fn test_iam_permissions(&self) -> super::builder::ekm_service::TestIamPermissions {
        super::builder::ekm_service::TestIamPermissions::new(self.inner.clone())
    }

    /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
    ///
    /// [google.longrunning.Operations]: longrunning::client::Operations
    pub fn get_operation(&self) -> super::builder::ekm_service::GetOperation {
        super::builder::ekm_service::GetOperation::new(self.inner.clone())
    }
}

/// Implements a client for the Cloud Key Management Service (KMS) API.
///
/// # Example
/// ```
/// # tokio_test::block_on(async {
/// # use google_cloud_kms_v1::client::KeyManagementService;
/// let client = KeyManagementService::builder().build().await?;
/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
/// # gax::client_builder::Result::<()>::Ok(()) });
/// ```
///
/// # Service Description
///
/// Google Cloud Key Management Service
///
/// Manages cryptographic keys and operations using those keys. Implements a REST
/// model with the following objects:
///
/// * [KeyRing][google.cloud.kms.v1.KeyRing]
/// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
/// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
/// * [ImportJob][google.cloud.kms.v1.ImportJob]
///
/// If you are using manual gRPC libraries, see
/// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
///
/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
/// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
/// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
///
/// # Configuration
///
/// To configure `KeyManagementService` use the `with_*` methods in the type returned
/// by [builder()][KeyManagementService::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://cloudkms.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::key_management_service::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::key_management_service::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `KeyManagementService` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `KeyManagementService` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct KeyManagementService {
    inner: std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>,
}

impl KeyManagementService {
    /// Returns a builder for [KeyManagementService].
    ///
    /// ```
    /// # tokio_test::block_on(async {
    /// # use google_cloud_kms_v1::client::KeyManagementService;
    /// let client = KeyManagementService::builder().build().await?;
    /// # gax::client_builder::Result::<()>::Ok(()) });
    /// ```
    pub fn builder() -> super::builder::key_management_service::ClientBuilder {
        gax::client_builder::internal::new_builder(
            super::builder::key_management_service::client::Factory,
        )
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::KeyManagementService + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>>
    {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::KeyManagementService> {
        super::transport::KeyManagementService::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::KeyManagementService> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::KeyManagementService::new)
    }

    /// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub fn list_key_rings(&self) -> super::builder::key_management_service::ListKeyRings {
        super::builder::key_management_service::ListKeyRings::new(self.inner.clone())
    }

    /// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub fn list_crypto_keys(&self) -> super::builder::key_management_service::ListCryptoKeys {
        super::builder::key_management_service::ListCryptoKeys::new(self.inner.clone())
    }

    /// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn list_crypto_key_versions(
        &self,
    ) -> super::builder::key_management_service::ListCryptoKeyVersions {
        super::builder::key_management_service::ListCryptoKeyVersions::new(self.inner.clone())
    }

    /// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub fn list_import_jobs(&self) -> super::builder::key_management_service::ListImportJobs {
        super::builder::key_management_service::ListImportJobs::new(self.inner.clone())
    }

    /// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub fn get_key_ring(&self) -> super::builder::key_management_service::GetKeyRing {
        super::builder::key_management_service::GetKeyRing::new(self.inner.clone())
    }

    /// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
    /// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.primary]: crate::model::CryptoKey::primary
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn get_crypto_key(&self) -> super::builder::key_management_service::GetCryptoKey {
        super::builder::key_management_service::GetCryptoKey::new(self.inner.clone())
    }

    /// Returns metadata for a given
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn get_crypto_key_version(
        &self,
    ) -> super::builder::key_management_service::GetCryptoKeyVersion {
        super::builder::key_management_service::GetCryptoKeyVersion::new(self.inner.clone())
    }

    /// Returns the public key for the given
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
    /// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
    /// or
    /// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricDecrypt
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricSign
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn get_public_key(&self) -> super::builder::key_management_service::GetPublicKey {
        super::builder::key_management_service::GetPublicKey::new(self.inner.clone())
    }

    /// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    pub fn get_import_job(&self) -> super::builder::key_management_service::GetImportJob {
        super::builder::key_management_service::GetImportJob::new(self.inner.clone())
    }

    /// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
    /// Location.
    ///
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub fn create_key_ring(&self) -> super::builder::key_management_service::CreateKeyRing {
        super::builder::key_management_service::CreateKeyRing::new(self.inner.clone())
    }

    /// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
    /// [KeyRing][google.cloud.kms.v1.KeyRing].
    ///
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
    /// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
    /// are required.
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]: crate::model::CryptoKeyVersionTemplate::algorithm
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub fn create_crypto_key(&self) -> super::builder::key_management_service::CreateCryptoKey {
        super::builder::key_management_service::CreateCryptoKey::new(self.inner.clone())
    }

    /// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// The server will assign the next sequential id. If unset,
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
    /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub fn create_crypto_key_version(
        &self,
    ) -> super::builder::key_management_service::CreateCryptoKeyVersion {
        super::builder::key_management_service::CreateCryptoKeyVersion::new(self.inner.clone())
    }

    /// Import wrapped key material into a
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    ///
    /// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
    /// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
    /// specified in the request, key material will be reimported into that
    /// version. Otherwise, a new version will be created, and will be assigned the
    /// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn import_crypto_key_version(
        &self,
    ) -> super::builder::key_management_service::ImportCryptoKeyVersion {
        super::builder::key_management_service::ImportCryptoKeyVersion::new(self.inner.clone())
    }

    /// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
    /// [KeyRing][google.cloud.kms.v1.KeyRing].
    ///
    /// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
    /// required.
    ///
    /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
    /// [google.cloud.kms.v1.ImportJob.import_method]: crate::model::ImportJob::import_method
    /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
    pub fn create_import_job(&self) -> super::builder::key_management_service::CreateImportJob {
        super::builder::key_management_service::CreateImportJob::new(self.inner.clone())
    }

    /// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    pub fn update_crypto_key(&self) -> super::builder::key_management_service::UpdateCryptoKey {
        super::builder::key_management_service::UpdateCryptoKey::new(self.inner.clone())
    }

    /// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
    /// metadata.
    ///
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
    /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
    /// and
    /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
    /// using this method. See
    /// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
    /// and
    /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
    /// to move between other states.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    /// [google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]: crate::client::KeyManagementService::destroy_crypto_key_version
    /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
    pub fn update_crypto_key_version(
        &self,
    ) -> super::builder::key_management_service::UpdateCryptoKeyVersion {
        super::builder::key_management_service::UpdateCryptoKeyVersion::new(self.inner.clone())
    }

    /// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
    /// will be used in
    /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
    ///
    /// Returns an error if called on a key whose purpose is not
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
    pub fn update_crypto_key_primary_version(
        &self,
    ) -> super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion {
        super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion::new(
            self.inner.clone(),
        )
    }

    /// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
    /// destruction.
    ///
    /// Upon calling this method,
    /// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
    /// be set to
    /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
    /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
    /// be set to the time
    /// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
    /// in the future. At that time, the
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
    /// change to
    /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
    /// and the key material will be irrevocably destroyed.
    ///
    /// Before the
    /// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
    /// reached,
    /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
    /// may be called to reverse the process.
    ///
    /// [google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]: crate::model::CryptoKey::destroy_scheduled_duration
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
    /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
    pub fn destroy_crypto_key_version(
        &self,
    ) -> super::builder::key_management_service::DestroyCryptoKeyVersion {
        super::builder::key_management_service::DestroyCryptoKeyVersion::new(self.inner.clone())
    }

    /// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
    /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
    /// state.
    ///
    /// Upon restoration of the CryptoKeyVersion,
    /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
    /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
    /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
    /// be cleared.
    ///
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
    /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
    /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
    /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
    pub fn restore_crypto_key_version(
        &self,
    ) -> super::builder::key_management_service::RestoreCryptoKeyVersion {
        super::builder::key_management_service::RestoreCryptoKeyVersion::new(self.inner.clone())
    }

    /// Encrypts data, so that it can only be recovered by a call to
    /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
    pub fn encrypt(&self) -> super::builder::key_management_service::Encrypt {
        super::builder::key_management_service::Encrypt::new(self.inner.clone())
    }

    /// Decrypts data that was protected by
    /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
    /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
    pub fn decrypt(&self) -> super::builder::key_management_service::Decrypt {
        super::builder::key_management_service::Decrypt::new(self.inner.clone())
    }

    /// Encrypts data using portable cryptographic primitives. Most users should
    /// choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
    /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than
    /// their raw counterparts. The
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
    /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
    /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
    pub fn raw_encrypt(&self) -> super::builder::key_management_service::RawEncrypt {
        super::builder::key_management_service::RawEncrypt::new(self.inner.clone())
    }

    /// Decrypts data that was originally encrypted using a raw cryptographic
    /// mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// must be
    /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
    ///
    /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    pub fn raw_decrypt(&self) -> super::builder::key_management_service::RawDecrypt {
        super::builder::key_management_service::RawDecrypt::new(self.inner.clone())
    }

    /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
    /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
    /// key retrieved from
    /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
    ///
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
    pub fn asymmetric_sign(&self) -> super::builder::key_management_service::AsymmetricSign {
        super::builder::key_management_service::AsymmetricSign::new(self.inner.clone())
    }

    /// Decrypts data that was encrypted with a public key retrieved from
    /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
    /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
    /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// ASYMMETRIC_DECRYPT.
    ///
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
    pub fn asymmetric_decrypt(&self) -> super::builder::key_management_service::AsymmetricDecrypt {
        super::builder::key_management_service::AsymmetricDecrypt::new(self.inner.clone())
    }

    /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
    /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
    /// producing a tag that can be verified by another source with the same key.
    ///
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn mac_sign(&self) -> super::builder::key_management_service::MacSign {
        super::builder::key_management_service::MacSign::new(self.inner.clone())
    }

    /// Verifies MAC tag using a
    /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
    /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
    /// a response that indicates whether or not the verification was successful.
    ///
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    pub fn mac_verify(&self) -> super::builder::key_management_service::MacVerify {
        super::builder::key_management_service::MacVerify::new(self.inner.clone())
    }

    /// Decapsulates data that was encapsulated with a public key retrieved from
    /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
    /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
    /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
    /// KEY_ENCAPSULATION.
    ///
    /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
    /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
    /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
    pub fn decapsulate(&self) -> super::builder::key_management_service::Decapsulate {
        super::builder::key_management_service::Decapsulate::new(self.inner.clone())
    }

    /// Generate random bytes using the Cloud KMS randomness source in the provided
    /// location.
    pub fn generate_random_bytes(
        &self,
    ) -> super::builder::key_management_service::GenerateRandomBytes {
        super::builder::key_management_service::GenerateRandomBytes::new(self.inner.clone())
    }

    /// Lists information about the supported locations for this service.
    pub fn list_locations(&self) -> super::builder::key_management_service::ListLocations {
        super::builder::key_management_service::ListLocations::new(self.inner.clone())
    }

    /// Gets information about a location.
    pub fn get_location(&self) -> super::builder::key_management_service::GetLocation {
        super::builder::key_management_service::GetLocation::new(self.inner.clone())
    }

    /// Sets the access control policy on the specified resource. Replaces
    /// any existing policy.
    ///
    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
    /// errors.
    pub fn set_iam_policy(&self) -> super::builder::key_management_service::SetIamPolicy {
        super::builder::key_management_service::SetIamPolicy::new(self.inner.clone())
    }

    /// Gets the access control policy for a resource. Returns an empty policy
    /// if the resource exists and does not have a policy set.
    pub fn get_iam_policy(&self) -> super::builder::key_management_service::GetIamPolicy {
        super::builder::key_management_service::GetIamPolicy::new(self.inner.clone())
    }

    /// Returns permissions that a caller has on the specified resource. If the
    /// resource does not exist, this will return an empty set of
    /// permissions, not a `NOT_FOUND` error.
    ///
    /// Note: This operation is designed to be used for building
    /// permission-aware UIs and command-line tools, not for authorization
    /// checking. This operation may "fail open" without warning.
    pub fn test_iam_permissions(
        &self,
    ) -> super::builder::key_management_service::TestIamPermissions {
        super::builder::key_management_service::TestIamPermissions::new(self.inner.clone())
    }

    /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
    ///
    /// [google.longrunning.Operations]: longrunning::client::Operations
    pub fn get_operation(&self) -> super::builder::key_management_service::GetOperation {
        super::builder::key_management_service::GetOperation::new(self.inner.clone())
    }
}
